This thread is permanently archived
Zero-day vulnerability found in 7-Zip. Patch now!
| > allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area
I can't even imagine myself doing this, like, what, why??
Thanks anyway.
| Not the first time GUI operations under windows cause such vulnerabilities. This is why the GUI is often more restricted regarding rights management in most gnu/linux distros (while they are usually even totally absent in server distros, which is also why "windows server" is a meme for competent server admins).
| I tried peazip but it was way slower to open than 7zip so I'll probably just not drag a 7z file into the help dialogue thanks
| The state of shills.
| i already uninstalled 7-zip, thanks pal
| >>854582 I ironically find doing stuff in CLI easier. Perhaps I'm in denial as I open GUI only to browse web and launch a game off Steam.
| nano ftw
| praise the church of emacs
This thread is permanently archived
| CVE-2022-29072
The vulnerability is present in all Windows versions of 7-Zip up to the current version of 21.07.
*When* they release a patch you can download the latest version here https://www.7-zip.org/
For now, you can protect yourself by deleting the file 7-zip.chm in your 7-Zip installation folder.
You can also switch to a different data compression software such as https://peazip.github.io/
Stay safe and be excellent to each other~